Schlage BE365 deadbolt hacking

We have a keypad dead bolt on the front door that has been slated for adaption to rfid for ages. About 6 months ago we dismantled the lock and tapped the wiring to the solenoid. The solenoid is tiny, it doesn’t open the lock, just engages the knob so human power can open the lock (hence you get 2 years on a 9V battery). The tapping was tricky, we had to use wirewrap wire to pass the signal through the tiny wire channel from the outside of the door to the rear panel. The lock has been functioning for 6 months with this tap in place so the job was successful.

This weekend we finally put a scope on the wiring to the solenoid to characterise it so we can emulate the keypad electronics with an Arduino. This scope trace shows the bolt being withdraw by the keypad electronics. It applies 5V in one direction, waits about 10s for someone to unlock the door and then applies 5V in the other direction to disengage the knob from the bolt. As the scope trace shows, it is 5V @ 100ms, easy to emulate.

The goal is for the powered down state to revert to keypad usage ie. we can give out keypad codes over the phone when the power/internet are out. Here is the schematic of the shield we’ve built. It turns out that the voltage applied is actually 5V but the rest of the original design is still appropriate.

Next week hopefully we’ll get the shield installed and wired up to the Pi managing the system.